7 matches found
EUVD-2010-4690
Malware in sbrugna...
EUVD-2022-2995
Malicious code in bioql PyPI...
Updated php-smarty packages fix security vulnerability
Cross site scripting vulnerability in Javascript escaping. CVE-2023-28447 Additional bug fixes included. See referenced release notes for details...
MGASA-2023-0014 Updated php-smarty packages fix security vulnerability
It was discovered that there was a potential cross-site scripting vulnerability in smarty3, a widely-used PHP templating engine. In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smartyfunctionmailto, and that could be parameterized...
The vulnerability of the implementation of the isTrustedResourceDir method in the Smarty_Security template handler for PHP Smarty allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the isTrustedResourceDir method in the SmartySecurity template handler class for PHP Smarty is related to errors in restricting access to directories with limited permissions. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected...
MGASA-2014-0469 Updated php-smarty packages fix security vulnerability
Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "literal" in a template CVE-2014-8350...
CVE-2014-8350
Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "literal" in a template...